Setup Procedure of HKUVPN with Multi-Factor Authentication (MFA) for Windows

1. Prerequisite

  1. MFA authentication (MFA) is required for accessing the HKUVPN service.
  2. Only the Microsoft Authenticator App or SMS (Phone Text) are supported as sign-in methods for logging into the HKUVPN service. The phone call method is NOT compatible with HKU VPN. Please refer to the appendix for instructions on changing your default sign-in method to a supported option.
  3. Please uninstall any earlier version of Cisco Anyconnect VPN or Cisco Secure Client from your PC before you start the following installation.

2. Configuration Procedures (to be done once only)

  1. Download the VPN client for Windows from here.
  2. Click Next.

    Click Next

  3. Select I accept the terms in the License Agreement and click Next.

    Select I accept the terms in the License Agreement and click Next

  4. Click Install.

    Click Install

  5. In User Account Control window, click Yes to allow the installation of VPN client. The following steps are illustrated using Windows 11.

    In User Account Control window, click Yes to allow the installation of VPN client. The following steps are illustrated using Windows 11.

  6. Click Finish to complete the setup.

    Click Finish to complete the setup.

3. Connection Procedures

  1. Locate the Cisco Secure Client program from your Start Menu. You can also use Search vpn_2Fa_win_08 to find it.

    Locate the Cisco Secure Client program from your Start Menu. You can also use Search  to find it.

  2. Enter “vpn2fa.hku.hk” and click Connect.

    Enter “vpn2fa.hku.hk” and click Connect

  3. Enter your HKU email address (UID@hku.hk or UID@connect.hku.hk) and PIN in the Username and Password fields respectively and click OK

    Enter your HKU email address (UID@hku.hk or UID@connect.hku.hk) and PIN in the Username and Password fields respectively and click OK

  4. (i) For users who choose Microsoft Authenticator App as the default sign-in method (The most common method):
    • Open the Microsoft Authenticator app on your mobile device.
    • Retrieve the One-time password (OTP).

      Retrieve the One-time password (OTP)

    (ii) For users who choose SMS (Phone Text) as the default sign-in method:

    • You will receive an SMS containing the One-time password (OTP) on your registered phone number.
    • The OTP is valid for 3 minutes from the time it is sent. Retrieve the OTP from the SMS.

      The OTP is valid for 3 minutes from the time it is sent. Retrieve the OTP from the SMS.

  5. Enter the 6-digitOne Time Password (OTP) in the Answer box and click Continue.

    Enter the 6-digitOne Time Password (OTP) in the Answer box and click Continue.

  6. After successful connection, a VPN Logo with padlock will appear in the system tray.

    After successful connection, a VPN Logo with padlock will appear in the system tray.

  7. Click the VPN icon in the system tray and click Disconnect button to disconnect from HKUVPN Server.

    Click the VPN icon in the system tray and click Disconnect button to disconnect from HKUVPN Server.

Appendix: (Optional Step) Updating the Default Sign-in Method in MFA

  1. Visit your Microsoft 365 account settings at https://myaccount.microsoft.com/
  2. Sign in using your HKU credentials.
  3. Go to the “Security info” section.
  4. Set “App-based authentication – Notification” as your default sign-in method under the section titled “You’re using the most advisable sign-in method where it applies.”

    Set "App-based authentication - Notification" as your default sign-in method under the section titled "You’re using the most advisable sign-in method where it applies."
4
1